RDP over SSH

Because of the technical nature of the issue described here and the lack of good information on it (or the lack of time to look for that information), I decided to post this article in English rather than Dutch.
I hope the information is useful to you.

It’s working!
Today in Sweden I set up a secure SSH tunnel to use a remote Windows 2003 Terminal Server.
For this I used:
Windows 2003 Terminal Server (Standard)
Gentoo Linux
OpenSSH for Windows

The problem:
If your TS sits on a LAN, you don't want to open port 3389 on the firewall, because that would make the Terminal Server directly reachable from the outside world.

Why this is a problem:
Windows' out-of-the-box Terminal Server security is vulnerable to the so-called man-in-the-middle attack: the RDP client cannot verify that the server it reaches is the genuine one.
If somebody wants to get into your system, there are many ways to make your remote users believe they are talking to their Terminal Server, while they are in fact talking to a party in the middle.
The logon information they give to this unknown party is passed on to the real Terminal Server, so the session works as usual and nobody ever notices.

What I did to circumvent this:
I opened port 22 on the LAN where my TS resides.
(This port was already open for SSH access to my Linux server.)
I created an ordinary user account, so my remote user can connect to the Linux server over SSH.
I used OpenSSH for Windows and created an SSH key pair, uploaded the public key to the Linux server for public key authentication, and wrapped the whole thing in a batch file.
(The batch file establishes the connection, tells the user about it and keeps the window open, so that any later messages about problems with the keys, such as a warning that the server's host key has changed, remain visible!)

The result:
Step 1. The remote user activates the batch file through a shortcut on his desktop.
This brings up the SSH tunnel to the Linux server and forwards his local port 3389 to port 3389 of the TS on the LAN.
Step 2. As a second and last step the remote user starts the Terminal Server Client and connects it to localhost:3389, which the tunnel from step 1 carries to the TS.
Note that the tunnel is encrypted only between the remote user and the Linux server; the last hop from the Linux server to the TS is ordinary RDP on the LAN, so that LAN still has to be trusted.
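As an added example (not the author's batch file or configuration, and not part of the original post), here are the two halves of the setup written out for a POSIX shell: the authorized_keys line for the Linux gateway, which restricts the remote user's key to this one tunnel instead of giving the account a usable shell, and the ssh command the batch file runs. The Terminal Server address 192.168.1.10, the account name tsuser, the gateway name ssh.example.com, the key file name tunnel_key and the sample public key are all assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: the two pieces of the setup
# that the post describes in prose, written out.
#  (1) Gateway side (the Linux SSH server): an authorized_keys line that
#      lets the remote user's key open one tunnel to the Terminal Server
#      and nothing else.
#  (2) Client side: the ssh command the batch file runs.
# All addresses, user names, file names and the sample public key are
# assumptions chosen for illustration.

# Assumed LAN address of the Windows 2003 Terminal Server.
TS_HOST="192.168.1.10"
# Assumed name of the ordinary Linux account created for the remote user.
TUNNEL_USER="tsuser"
# Assumed public address of the Linux gateway (port 22 is open there).
GATEWAY="ssh.example.com"

# (1) Build the authorized_keys entry.  The options in front of the key are
# standard OpenSSH key options: a forced command that does nothing
# (command="/bin/false"), no pty, no agent or X11 forwarding, and permitopen
# limits -L forwards to TS_HOST:3389.  With this line the account is useless
# for anything except reaching the Terminal Server through the tunnel.
restricted_key_line() {
    pubkey="$1"
    ts_host="$2"
    printf 'command="/bin/false",no-pty,no-agent-forwarding,no-X11-forwarding,permitopen="%s:3389" %s\n' \
        "$ts_host" "$pubkey"
}

# (2) Build the client command.  -N asks for no remote command (required
# here: the forced /bin/false above would otherwise run and end the
# session), -i names the private key, and -L maps a local port to
# TS_HOST:3389 on the far side of the gateway.  The local port is a
# parameter because on Windows XP Professional the machine's own Remote
# Desktop listener may already hold 3389; pick e.g. 3390 there.
client_ssh_command() {
    local_port="$1"
    printf 'ssh -N -i tunnel_key -L %s:%s:3389 %s@%s\n' \
        "$local_port" "$TS_HOST" "$TUNNEL_USER" "$GATEWAY"
}

# Sanity check that a supplied public key looks like one line of the
# OpenSSH format (type, base64 blob, optional comment) before it is
# appended to authorized_keys; returns 0 if it does, 1 if it does not.
looks_like_openssh_pubkey() {
    printf '%s\n' "$1" | grep -Eq '^ssh-(rsa|dss) [A-Za-z0-9+/=]+( .*)?$'
}

# Constructed sample key (not a real key) to show the output.
SAMPLE_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAexample== remote.user@laptop"

if looks_like_openssh_pubkey "$SAMPLE_KEY"; then
    # Gateway: append this line to ~tsuser/.ssh/authorized_keys.
    restricted_key_line "$SAMPLE_KEY" "$TS_HOST"
    # Client: this is the line the batch file runs (Windows 2000 case).
    client_ssh_command 3389
fi
```

On the gateway, append the printed authorized_keys line to the tunnel account's ~/.ssh/authorized_keys (and keep AllowTcpForwarding at its default of yes in sshd_config). The client command uses the same syntax under OpenSSH for Windows, so it can go into the batch file as is; pass a local port other than 3389 where that port is already taken, as it may be on Windows XP Professional, and point the Terminal Server Client at that port instead.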

That's it!
I've got this working under Windows 2000, but Windows XP Professional still needs a bit of tweaking, because Windows XP can itself act as a TS (its own Remote Desktop listener uses local port 3389). (I don't know about Windows XP Home. Anybody?)

I found some information about copying the TS client to a separate directory and activating Compatibility Mode for this .EXE (by default the client won't connect to localhost, but if you tell the .EXE to run in Windows 95 Compatibility Mode, it will), but there is quite a gap between this theoretical knowledge and a setup that actually works.

Well, that’s it for today. I’m off.
Have a lot of fun TS’sing!

BTW: I'm writing this article from the Sigtuna Stads Hotell in Sweden, the SSH; how appropriate! 🙂